[dns-operations] Change to BIND minimal-responses config option

Wessels, Duane dwessels at verisign.com
Fri Apr 21 20:44:53 UTC 2017


Hi Mukund,

Thanks for the heads-up.  

I wonder how well we understand the consequences that minimal-responses has on cached NS records?  If my authoritative servers for a second-level domain like example.com uses minimal-responses, then will a recursive cache ever receive the NS RRset from the authoritative servers?  Or will it only have the RRset from the parent (com), which might also have different TTLs?

DW




> On Apr 20, 2017, at 8:59 PM, Mukund Sivaraman <muks at isc.org> wrote:
> 
> Hi all
> 
> So far, the BIND "minimal-responses" config option was set to false in
> default config. We are changing this to true in 9.12.
> 
> Currently the BIND ARM describes it so:
> 
> minimal-responses:
> 
>    If yes, then when generating responses the server will only add
>    records to the authority and additional data sections when they are
>    required (e.g. delegations, negative responses). This may improve
>    the performance of the server. The default is no.
> 
> It'll still be possible to set it to false via config in 9.12.
> 
> As described, delegations, glue, and negative responses are unaffected,
> as it is with BIND <= 9.11 with explicit "minimal-responses yes".
> 
> We're seeking feedback on whether the change will impact anyone.
> 
> 		Mukund
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations





More information about the dns-operations mailing list